Firefox's powerful add-on system is arguably one of the browser's best features, but it is also occasionally a source of problems for Mozilla. Policing the add-on ecosystem to ensure that third-party code doesn't degrade the quality of the Firefox user experience is a major challenge. It's a problem across the ecosystem of web browsers, and some vendors, like Microsoft with its upcoming Metro version of Internet Explorer, don't allow third-party plugins at all. In contrast, Firefox users have a sea of add-ons at their disposal, but there is danger lurking below the surface.

The problem is being compounded by external software that hijacks browser settings and circumvents mechanisms that the browser uses to protect users from intrusive add-ons. Mozilla's Michael Verdi wrote a blog post last week drawing attention to the issue and calling out some questionable behavior observed in Ask's browser toolbar.

A number of popular free Windows applications, such as the Trillian instant messaging client, bundle the Ask.com toolbar in their installers. Once installed, the Ask toolbar will take up residence beneath the browser's navigation bar. It will also change the user's default home page to Ask.com and change the browser's built-in search box so that Ask.com is the default search engine.

Of course, none of those behaviors are all that surprising. Crapware toolbar plugins from various vendors have been around for years and have historically afflicted users in similar ways across multiple browsers. Mozilla tackled the issue last year by augmenting Firefox's add-on system with a protection mechanism that disables forcibly side-loaded add-ons at startup and then displays a prompt, giving users control over which ones are enabled.

The problem that Verdi raises in his blog post is that the latest version of the Ask toolbar installer takes over the prompt screen and instructs users to allow the installation to continue. The manner in which it does so could potentially create confusion among users, giving them the mistaken impression that the browser is instructing them to enable the add-on.

The Ask toolbar updater, which is a background process that is left running on the computer, monitors Firefox in order to determine when the browser is showing the rogue add-on protection prompt. When the browser displays the prompt, the Ask toolbar updater paints a giant green arrow over the screen, pointing to the "Allow this installation" checkbox. It also paints a yellow bubble at the end of the arrow instructing the user to click the checkbox.

Ask.com didn't intend for this overlay to mislead users. The company apparently made an effort to reduce the potential confusion by putting the phrase "Powered by Ask" in small letters on the yellow bubble. The company also contacted Mozilla before implementing the overlay.

But this effort isn't really sufficient to prevent confusion. As Verdi explains, Mozilla's end-user support community frequently sees users struggling to get their default search engine and home page back after the settings have been altered without their consent by third-party applications. Users tend to blame the browser for the changes and don't realize the actual cause. Like many similar pieces of software, the Ask toolbar doesn't restore the user's original settings when it is uninstalled.

In a video demonstration on the blog post, Verdi showed how the toolbar is bundled with Trillian. When a user launches the Trillian installer and simply clicks the "next" button all the way through without reading the individual pages, they get the toolbar by default without realizing that it is being installed.

Verdi filed a report about the Ask toolbar in the Mozilla issue tracker last month, asking for the rogue add-on prompt to be improved to prevent tampering. When it became clear that the overlay was actually being implemented by the Ask installer outside of the browser, the report was closed with the "WONTFIX" status because there is no technical means by which such tampering can be prevented.

Memory overload

Another problematic add-on that was recently called out by a Mozilla employee is the McAfee Site Advisor, a product that integrates with the user's Web browser and displays safety ratings for websites. Nicholas Nethercote, who leads Mozilla's MemShrink project, issued a warning about an "appalling memory leak" in the McAfee browser add-on.

He investigated the add-on himself after seeing reports from users about inflated memory usage. He found that it has a severely negative impact on Firefox's memory consumption, so bad that it can potentially impact the browser's performance and stability.

"This morning I tested Site Advisor 3.4.1 myself, and found that, when enabled, it leaks every single content compartment that is created. In other words, most of the JavaScript memory used for any page opened with Firefox is never reclaimed," he wrote. "In terms of memory consumption, this is pretty much the worst possible behavior for an add-on. This excessive memory consumption is likely to cause Firefox to run much more slowly and crash much more often."

He filed a bug report earlier this month recommending that Mozilla consider blacklisting the add-on if McAfee proved unable to resolve the issue in a timely manner. Fortunately, McAfee began working to address the problem when it was brought to its attention. The company released an update this week that reportedly resolves the large memory overhead.

This isn't the first time that problems have arisen with McAfee add-ons. The company's SiteAdvisor and ScriptScan add-ons were both scrutinized by Mozilla last year due to crashes and bugs. These incidents further illustrate how third-party code can degrade the Firefox user experience. Users who don't realize that an add-on is responsible for the problems they experience in Firefox will likely blame the browser itself rather than the actual culprit.
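The leak Nethercote describes (content compartments that are never reclaimed) can be checked with a simple before/after comparison: open some tabs, close them, let GC run, and see which content compartments survive, once with the add-on enabled and once without. The script below is an added illustration, not code from the article, Mozilla or McAfee; its snapshot format is constructed and only loosely modelled on about:memory's per-compartment entries.

```python
"""Spot content compartments that outlive their tabs.

Added example; not code from the article, Mozilla or McAfee. The snapshot
format is CONSTRUCTED: one "path bytes" pair per line, loosely modelled on
about:memory's per-compartment entries. The real report is richer and is
laid out differently, so this is a model of the check, not a parser for it.
"""
from __future__ import annotations

import re
from typing import Dict

# Compartment paths end in .../compartments/<kind>/<principal or origin>
_COMPARTMENT = re.compile(r"compartments/(?P<kind>system|user)/(?P<origin>.+)$")

# Constructed snapshot taken with three content tabs open (same for both runs).
OPEN_TABS = """\
js-main-runtime/compartments/system/[System Principal] 4194304
js-main-runtime/compartments/user/https://news.example/ 2097152
js-main-runtime/compartments/user/https://mail.example/ 3145728
js-main-runtime/compartments/user/https://shop.example/ 1048576
"""

# Constructed snapshot after closing the tabs and forcing GC/CC with the
# suspect add-on ENABLED: every content compartment is still alive.
CLOSED_ADDON_ON = """\
js-main-runtime/compartments/system/[System Principal] 4456448
js-main-runtime/compartments/user/https://news.example/ 2097152
js-main-runtime/compartments/user/https://mail.example/ 3145728
js-main-runtime/compartments/user/https://shop.example/ 1048576
"""

# Same procedure with the add-on DISABLED: the content compartments are gone.
CLOSED_ADDON_OFF = """\
js-main-runtime/compartments/system/[System Principal] 4194304
"""


def parse_snapshot(text: str) -> Dict[str, int]:
    """Parse 'path bytes' lines into {path: bytes}; blank lines are skipped."""
    report: Dict[str, int] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        path, size = line.rsplit(" ", 1)  # the path itself may contain spaces
        report[path] = int(size)
    return report


def content_compartments(report: Dict[str, int]) -> Dict[str, int]:
    """Return {origin: bytes} for user (content) compartments only."""
    out: Dict[str, int] = {}
    for path, size in report.items():
        m = _COMPARTMENT.search(path)
        if m and m.group("kind") == "user":
            out[m.group("origin")] = size
    return out


def surviving_compartments(open_snapshot: str, closed_snapshot: str) -> Dict[str, int]:
    """Content compartments seen while tabs were open that still exist after
    the tabs were closed and GC/CC had a chance to run. A healthy run gives
    {}; 'leaks every single content compartment' means every origin survives."""
    before = content_compartments(parse_snapshot(open_snapshot))
    after = content_compartments(parse_snapshot(closed_snapshot))
    return {origin: after[origin] for origin in before if origin in after}


def leak_report(open_snapshot: str, closed_snapshot: str) -> dict:
    """Summarise one run: how many content compartments leaked and their bytes."""
    before = content_compartments(parse_snapshot(open_snapshot))
    leaked = surviving_compartments(open_snapshot, closed_snapshot)
    return {
        "opened": len(before),
        "leaked": len(leaked),
        "leaked_bytes": sum(leaked.values()),
        "leaks_everything": len(before) > 0 and len(leaked) == len(before),
    }


def compare_runs(open_snapshot: str, with_addon: str, without_addon: str) -> bool:
    """The A/B check a reviewer would automate: True when the add-on run keeps
    compartments alive that the add-on-free run reclaims."""
    on = leak_report(open_snapshot, with_addon)
    off = leak_report(open_snapshot, without_addon)
    return on["leaked"] > off["leaked"]


if __name__ == "__main__":
    print("add-on enabled: ", leak_report(OPEN_TABS, CLOSED_ADDON_ON))
    print("add-on disabled:", leak_report(OPEN_TABS, CLOSED_ADDON_OFF))
    print("add-on implicated:", compare_runs(OPEN_TABS, CLOSED_ADDON_ON, CLOSED_ADDON_OFF))
```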

Combating bad add-ons

Mozilla polices its add-on ecosystem and routinely verifies the safety and stability of third-party add-ons that are hosted on the official addons.mozilla.org (AMO) website. Mozilla recently expanded the AMO review process to include more intensive analysis of memory consumption so that it can catch add-ons that suffer from serious leaks.

A significant number of popular add-ons are installed from external sources, however, which means that they aren't subjected to Mozilla's review process. Justin Scott, who leads Mozilla's add-on team, reported last year that only 25 percent of the 600 million add-ons used every day by Firefox users are hosted in AMO.

Mozilla has very little influence over the add-ons that are hosted outside of its own repository. When reaching out to the developers of seriously flawed add-ons fails, Mozilla's last line of defense is the blacklist. The blacklist mechanism is a remote kill-switch that allows Mozilla to immediately disable abusive add-ons. It is used only in the most extreme situations as a solution of last resort.

The blacklist is used to disable add-ons that expose users to serious privacy or security risks. It has been used ten times so far in February to terminate add-ons that behaved like malware. Mozilla publishes a full list of blacklisted add-ons for transparency purposes. A brief look at some of the recent entries shows behaviors like stealing the user's Facebook cookies or injecting additional advertisements in Web pages. Mozilla typically takes action against such add-ons quickly. In cases of extremely obvious malicious behavior, an add-on can be blacklisted within mere hours after being reported.

The blacklist can also be used to kill buggy add-ons that are having prodigiously negative consequences for performance and stability. One noteworthy precedent is an incident that occurred last year when Mozilla decided to block Skype's toolbar add-on for Firefox. The Skype add-on caused 33,000 Firefox crashes in a single week and degraded performance so badly that it made DOM manipulation 300 times slower in certain cases. The add-on was removed from the blacklist after the problems were resolved.

The challenges of maintaining an ecosystem

The difficulties that Mozilla is facing from add-ons are similar to those faced by any platform that is open to third-party software. Insulating users from the detrimental effects of malware and poorly-implemented applications is a major challenge. To Mozilla's credit, the organization has handled the issue impressively well, with a focus on transparent enforcement and user freedom.

In light of the situation, it's not hard to understand why Microsoft chose to ban Internet Explorer plugins entirely in the Windows 8 Metro browsing experience. The downside of such an extreme choice, however, is that it will significantly reduce the browser's flexibility for users who rely on useful third-party enhancements. It's not clear yet whether Microsoft's decision will lock popular tools like the Evernote Web Clipper and 1Password out of the Metro flavor of Internet Explorer.

There are analogous issues at play in the broader operating system space. The proliferation of problematic software is putting pressure on platform vendors to impose increasingly restrictive policies on their respective ecosystems and erect technical barriers that limit the flexibility of third-party code.

Apple's move to mandate sandboxing in the Mac App Store and encourage code signing for external applications is raising serious concern among some longtime Mac OS X developers and users. But Apple feels that such measures are necessary to protect users from the small but growing threat of Mac OS X malware. Microsoft is similarly responding to the malware threat by moving towards a more restrictive approach to managing third-party software for the Metro environment.

The challenge of creating an ecosystem that offers rich extensibility without compromising the safety of end users is likely to be a major problem in the software industry for many years to come. The manner in which platform vendors balance user empowerment and security will be a major factor that shapes the contours of modern computing.

Microsoft can ban whatever they want. But most serious web devs I know use mozilla because of the tools that they can add. It sounds like Mozilla is doing its best. In the end, it comes down to being informed about what you are doing. Stupid people do stupid things. Nothing will ever change that though.

Is there a third-party plugin like Adblock plus, but functions for add-ons? I would LOVE to be able to set up my families' browsers and install some 'pluginBlock Plus' that will keep them from being afflicted by the ask toolbar, yahoo browserplus, Site Advisor and all the other crapware that can accumulate.

Quote:

Microsoft can ban whatever they want. But most serious web devs I know use mozilla because of the tools that they can add. It sounds like Mozilla is doing its best. In the end, it comes down to being informed about what you are doing. Stupid people do stupid things. Nothing will ever change that though.

Yeah, why should Mozilla take responsibility for their ecosystem, fuck that! Users are stupid!!

Good grief technically knowledgeable people are insufferable sometimes.

Quote:

Microsoft can ban whatever they want. But most serious web devs I know use mozilla because of the tools that they can add. It sounds like Mozilla is doing its best. In the end, it comes down to being informed about what you are doing. Stupid people do stupid things. Nothing will ever change that though.

Quote:

Yeah, why should Mozilla take responsibility for their ecosystem, fuck that! Users are stupid!!

Quote:

Good grief technically knowledgeable people are insufferable sometimes.

Mozilla is taking responsibility. They are implementing things like blacklists to deal with the worst offenders. But there is a limit to what they can do. Personally, I haven't had a problem with any plugins. Just because some users don't understand what they are doing doesn't mean we should live in a walled garden like Apple and Microsoft would have for us.

Quote:

Is there a third-party plugin like Adblock plus, but functions for add-ons? I would LOVE to be able to set up my families' browsers and install some 'pluginBlock Plus' that will keep them from being afflicted by the ask toolbar, yahoo browserplus, Site Advisor and all the other crapware that can accumulate.

That's actually a good idea. A local whitelist that prevents unwanted plugins.

Quote:

Is there a third-party plugin like Adblock plus, but functions for add-ons? I would LOVE to be able to set up my families' browsers and install some 'pluginBlock Plus' that will keep them from being afflicted by the ask toolbar, yahoo browserplus, Site Advisor and all the other crapware that can accumulate.

Quote:

That's actually a good idea. A local whitelist that prevents unwanted plugins.

It would be nice, but then I thought about it. Unless it got some escalation of privileges from Mozilla itself, it would be just another browser plugin that other plugins could counteract. Ask.com and yahoo would just write in a little extra code to disable pluginblock.

Quote:

Mozilla is taking responsibility. They are implementing things like blacklists to deal with the worst offenders. But there is a limit to what they can do. Personally, I haven't had a problem with any plugins. Just because some users don't understand what they are doing doesn't mean we should live in a walled garden like Apple and Microsoft would have for us.

Mozilla has no responsibility to, but it could use its blacklist more aggressively. It could update its policy to something like: "Any plugin whose owners voluntarily attach it to a third-party installer as crapware will be blacklisted. We realize that this will also prevent legitimate installs of said plugin, but how many people explicitly decide to install Yahoo Browserplus?"

There would be some grumbling from ask.com and yahoo, but the userbase would be much happier. Mozilla could mandate a huge portion of crapware out of existence with minimal side effects.

Quote:

Mozilla has no responsibility to, but it could use its blacklist more aggressively. It could update its policy to something like: "Any plugin whose owners voluntarily attach it to a third-party installer as crapware will be blacklisted.

This. Make all forms of bundling an automatic blacklisting offense. Any add-on worth having is worth installing manually. Think I'll submit an RFE to Bugzilla now...

Quote:

"Microsoft is similarly responding to the malware threat by moving towards a more restrictive approach to managing third-party software for the Metro environment."

They *claim* it's for malware protection. What it is *actually* for, however, is to lock as many people as possible into the app store they're going to be running.

And I've noticed Mozilla has this nasty habit of blaming addons for every problem with Firefox, especially when it comes to memory usage. (I still see no reason why FF4 and higher should use 3-5 times (and often more!) the memory that FF3 is currently using with the same addons. It's a rare event for me that FF3 goes above 200MB used, yet FF4+ regularly consumed 500MB to over a gig.)

Quote:

Mozilla has no responsibility to, but it could use its blacklist more aggressively. It could update its policy to something like: "Any plugin whose owners voluntarily attach it to a third-party installer as crapware will be blacklisted.

Quote:

This. Make all forms of bundling an automatic blacklisting offense. Any add-on worth having is worth installing manually. Think I'll submit an RFE to Bugzilla now...

+1. The few add-ons that make sense to bundle are so few and far between that I think they don't justify the practice. Send the user to a site where they can choose to download if they wish. Otherwise, blacklist the practice out of existence.

Quote:

Mozilla is taking responsibility. They are implementing things like blacklists to deal with the worst offenders. But there is a limit to what they can do. Personally, I haven't had a problem with any plugins. Just because some users don't understand what they are doing doesn't mean we should live in a walled garden like Apple and Microsoft would have for us.

Yeah and I think they've banned one addon so far. In practice it's extremely hard to find out which addon is misbehaving. At least I haven't found any simple way to see how much memory is allocated by what addon.

If there was a simple metric that would show memory usage of addons, this whole thing would be a much smaller problem. At the moment you basically have to guess which addon is making problems or disable them one by one - a horrible user experience, and this clearly is a problem for Firefox users. It certainly is for me.

I don't even think I know the difference. What value is there in knowing the difference between a plug-in and addon?

Is that like the difference between a stick and a rod?

Plug-ins are things like Flash and Java. Native code that uses a browser's API to display HTML objects. Add-ons are things like AdBlock Plus and NoScript. Add-Ons are more lightweight and typically use some sort of scripting-language for their implementation.

On a serious note, FF is an add-on platform and the shitty new release cycle isn't helping anyone. If it wasn't for the add-ons nobody would use FF. FF could consume 5GB of RAM and I wouldn't care, just don't break my add-ons!

Quote:

Microsoft can ban whatever they want. But most serious web devs I know use mozilla because of the tools that they can add. It sounds like Mozilla is doing its best. In the end, it comes down to being informed about what you are doing. Stupid people do stupid things. Nothing will ever change that though.

Quote:

Yeah, why should Mozilla take responsibility for their ecosystem, fuck that! Users are stupid!!

Quote:

Good grief technically knowledgeable people are insufferable sometimes.

You can only do so much to "help" users without taking away all of their control (i.e. a walled garden). If you don't choose to use a walled garden ecosystem, then you and you alone are responsible for your box. Now, I don't have a problem with walled gardens in and of themselves. If you want to abdicate control of your hardware and software, fine. Just allow me and those like me an opt-out option.

And really, if you cannot recognize simple malware for what it is, then you really do need a walled garden where Big Brother makes decisions for you. Cue idiotic superhero theme: "With great freedom/power comes great responsibility."

Quote:

On a serious note, FF is an add-on platform and the shitty new release cycle isn't helping anyone. If it wasn't for the add-ons nobody would use FF. FF could consume 5GB of RAM and I wouldn't care, just don't break my add-ons!

Fire Asa Dotzler NOW!

Why are you complaining to them? It's the addon makers fault, not Mozilla.

I keep hearing a lot of people talk about how their addons get broken by FF releases. But the only add-on I've ever seen broken by new FF releases has been my AVG add-on. And that tends to get updated relatively quickly. Most addons that I use never get touched by FF updates.

If addon developers aren't going to put forth the effort to at least keep their addons working, why should the FF developers? It's not like FF has entire release channels for the next version of browsers available, thus making it easy for developers to test their addons.

Quote:

On a serious note, FF is an add-on platform and the shitty new release cycle isn't helping anyone. If it wasn't for the add-ons nobody would use FF. FF could consume 5GB of RAM and I wouldn't care, just don't break my add-ons!

Quote:

Fire Asa Dotzler NOW!

Quote:

Why are you complaining to them? It's the addon makers fault, not Mozilla.

I keep hearing a lot of people talk about how their addons get broken by FF releases. But the only add-on I've ever seen broken by new FF releases has been my AVG add-on. And that tends to get updated relatively quickly. Most addons that I use never get touched by FF updates.

If addon developers aren't going to put forth the effort to at least keep their addons working, why should the FF developers? It's not like FF has entire release channels for the next version of browsers available, thus making it easy for developers to test their addons.

Furthermore, in most of the cases where addons are disabled, they don't actually break. It's just that FF disables them unless the addons are explicitly compatible with that version of FF. This behavior will be changing with FF 10. The default behavior will be to automatically assume an addon is compatible.

My rule of thumb is that if any software feels the need to install any other software, then I don't need either.

Quote:

Is there a third-party plugin like Adblock plus, but functions for add-ons? I would LOVE to be able to set up my families' browsers and install some 'pluginBlock Plus' that will keep them from being afflicted by the ask toolbar, yahoo browserplus, Site Advisor and all the other crapware that can accumulate.

Quote:

It would be nice, but then I thought about it. Unless it got some escalation of privileges from Mozilla itself, it would be just another browser plugin that other plugins could counteract. Ask.com and yahoo would just write in a little extra code to disable pluginblock.

On a family computer, it would be a great new feature for FF itself, though.

Quote:

If addon developers aren't going to put forth the effort to at least keep their addons working, why should the FF developers? It's not like FF has entire release channels for the next version of browsers available, thus making it easy for developers to test their addons.

It's perfectly legitimate to complain to Mozilla. Mozilla's main advantage over Chrome is its addons. That is to say, Firefox relies upon hundreds of hours of unpaid volunteer labor. Some Mozilla developers are paid, the addon developers rarely are.

Your attitude-- that Mozilla can make those volunteer jobs more difficult, and that the volunteers are ethically obligated to jump through more hoops just because Mozilla says so-- is entitled, asinine and absolutely poisonous to the Mozilla project.

The fact that Mozilla has made decisions in the past WITHOUT giving more primacy to the add-on developer community has already taxed the goodwill and patience of that community.

Quote:

On a serious note, FF is an add-on platform and the shitty new release cycle isn't helping anyone. If it wasn't for the add-ons nobody would use FF. FF could consume 5GB of RAM and I wouldn't care, just don't break my add-ons!

Quote:

Fire Asa Dotzler NOW!

Quote:

Why are you complaining to them? It's the addon makers fault, not Mozilla.

I keep hearing a lot of people talk about how their addons get broken by FF releases. But the only add-on I've ever seen broken by new FF releases has been my AVG add-on. And that tends to get updated relatively quickly. Most addons that I use never get touched by FF updates.

If addon developers aren't going to put forth the effort to at least keep their addons working, why should the FF developers? It's not like FF has entire release channels for the next version of browsers available, thus making it easy for developers to test their addons.

Quote:

Furthermore, in most of the cases where addons are disabled, they don't actually break. It's just that FF disables them unless the addons are explicitly compatible with that version of FF. This behavior will be changing with FF 10. The default behavior will be to automatically assume an addon is compatible.

Yup. All addons are now default compatible from here on out. Addons should never again break on an update unless there is something very wrong with them or it is seriously out of date.

Quote:

If there was a simple metric that would show memory usage of addons, this whole thing would be a much smaller problem. At the moment you basically have to guess which addon is making problems or disable them one by one - a horrible user experience, and this clearly is a problem for Firefox users. It certainly is for me.

You can find out quite a lot by pointing a page to "about:memory" - this gives you a detailed report of where your memory is going. The results can be surprising!

If you're a developer and comfortable running more low-level tools, you may want to look at about:nosy. It's an addon that runs memory probes to figure out exactly where the memory is going. It's definitely a developer tool - not recommended for casual users. https://github.com/asutherland/about-nosy/

I have not had a problem with any plugins wrt behavior or updating. With flexibility comes responsibility. Mozilla can do what it can but in the end, short of a curated walled garden plugin "store", nothing can stop a retarded user from adding all kinds of shit. It's just the way the cookie crumbles. Users can install dangerous crap on Windows, MacOS, Linux but that is the price you pay for a full-featured OS. Same applies here.

I mean, I find it ridiculous that people bitch that IE9 does not allow plug-ins but then bitch that Firefox requires a little bit of care for its vast number of plugins. Idiots should use IE9. That is all.

Quote:

"Microsoft is similarly responding to the malware threat by moving towards a more restrictive approach to managing third-party software for the Metro environment."

Quote:

They *claim* it's for malware protection. What it is *actually* for, however, is to lock as many people as possible into the app store they're going to be running.

And I've noticed Mozilla has this nasty habit of blaming addons for every problem with Firefox, especially when it comes to memory usage. (I still see no reason why FF4 and higher should use 3-5 times (and often more!) the memory that FF3 is currently using with the same addons. It's a rare event for me that FF3 goes above 200MB used, yet FF4+ regularly consumed 500MB to over a gig.)

You sound like you'd be satisfied with IE (now that the mem leak issues are mostly resolved -- WMP aside) as a fairly casual user. The benefit of using newer browsers is more inherent features. The cost, of course, is in system resources. Look at Chrome: in 10 iterations it grew at least twice as mem hungry...once you browsed to a webpage, because sandboxing.

As for Microsoft, they're just doing their thing, and beating Apple to the punch. Get used to the walled gardens, they're probably going to be a permanent feature of the internet landscape. Which I don't view as a bad thing; I actually prefer the walled garden as the default option. The more idiot-proof the internet is for actual idiots, the less idiot-proof it needs to be for me.

Yes, as a power user I pay a premium for things like Windows Not-Basic (so I can turn off all those background processes I don't actually need), but that's nothing new. I also pay more for more robust virus protection than McLaughing and So-sotech provide, but I appreciate that more and more amateur users are getting McAfee and Symantec anti-virus protection, since it means I'm less likely to come across them myself.

BTW this article should have been entitled "Firefox Plugins Gone Wild" and ditch the gay "behaving badly". It reminds me of Butters: "Do.you.know.what.I.am.saying?" What is wrong with you people?

You should watch something besides porn once in a while, it's a take on "Men Behaving Badly" (great comedy).

How hard is it to set up a certification program where a plugin is run in a test environment to find basic things like memory leaks? It's just a plugin, throw a pile of data at it in an automated test and look at the results. If memory usage, cpu usage, harddrive activity, data sent/received, etc goes through the roof then it's bad.

(advanced) user adjustable permissions, limits & priorities system for those who know what it is and want it would be nice. Testing (possibly largely automated) followed by digital signing for popular mainstream plug-ins would be nice for the masses who want things to 'just work' and be fairly safe. Goes with out saying that some degree of sand-boxing where possible is desirable.

Quote:

Ask.com didn't intend for this overlay to mislead users. The company apparently made an effort to reduce the potential confusion by putting the phrase "Powered by Ask" in small letters on the yellow bubble.

The fuck they didn't intend for it to mislead users. I am so sick of this underhanded bullshit hijacking people's browsers. Do you know how many toolbars and malicious add-ons I had to uninstall from someone's laptop the other day? It is exactly because of tactics like these where they piggy-back their installers/updaters on legit message dialogs or design them to look the same. No company that uses these tactics is ever going to find its software on my PC, and as long as people still ask me to help them with their computer problems it won't be allowed on theirs either.

Quote:

As for Microsoft, they're just doing their thing, and beating Apple to the punch. Get used to the walled gardens, they're probably going to be a permanent feature of the internet landscape. Which I don't view as a bad thing; I actually prefer the walled garden as the default option. The more idiot-proof the internet is for actual idiots, the less idiot-proof it needs to be for me.

Yes, as a power user I pay a premium for things like Windows Not-Basic (so I can turn off all those background processes I don't actually need), but that's nothing new. I also pay more for more robust virus protection than McLaughing and So-sotech provide, but I appreciate that more and more amateur users are getting McAfee and Symantec anti-virus protection, since it means I'm less likely to come across them myself.

Yeah (as a computer user since at least the mid 80's), I was thinking that if we're going to have to get used to walled gardens, it would be nice to have a "Let me out, I know what I'm doing" option buried somewhere which users can enable if they don't like the restrictions of being in a sandbox. Then, non-power users can just ignore that option, and have a safe environment for browsing, and power users can flip the switch and tweak away to their hearts' content - everybody wins?

When an end-user downloads an add-on, and they mindlessly click through the confirmation boxes, any harm being done, they are doing to themselves. This whole mentality that software has adopted lately that all products must act as the user's mother and guide them by the hand in every regard as if the user is mentally handicapped just makes me sick. The solution is obvious - don't even try to police the add-ons. As with advertising, word-of-mouth will take care of the problem. Add-ons that are malicious or come with unacceptable bugs will become notorious very quickly. The most effective lesson on why it is important to be more careful about what you download and install is to have to sit for 3 hours reformatting your hard drive and reinstalling your OS, just like the most effective lesson for learning not to touch a hot stove is to touch it and get burned. The user must learn to protect themselves because no matter how vigilant a company is, they will always be two or three steps behind the curve. There will always be more add-ons to check and it will never end. Everyone would benefit more if those resources were instead used to improve the browser itself.

Quote:

He investigated the add-on himself after seeing reports from users about inflated memory usage. He found that it has a severely negative impact on Firefox's memory consumption, so bad that it can potentially impact the browser's performance and stability.

McAfee? No, really? Sounds just like what it does to Windows too. Of course, this is by design: it makes your PC so slow and unstable that even the bot herders won't touch it....